On Thu, May 30, 2002 at 08:55:17PM +0100, Antony Stone wrote: > On Thursday 30 May 2002 3:13 pm, [EMAIL PROTECTED] wrote:
> > > This type of ICMP message will be RELATED to an existing TCP > > > connection, therefore it will be allowed through the firewall by the > > > sort of rulset Claudio was using - if you recall, this was: > > > > Ah, I didn't know iptables are smart enough to realize that! > > Yes, this is one of the beautiful things about netfilter / iptables - ICMP > packets are automatically recognised as being RELATED to the TCP packets > which they're, well, related to. How does netfilter determine if the ICMP packet is RELATED to anything in the state table? Anyone suggest documentation that details this? -- FunkyJesus System Administration Team
